package cn.gok.springsecuritydemo4.controller;


import cn.gok.springsecuritydemo4.entity.User;
import org.springframework.security.access.prepost.PostAuthorize;
import org.springframework.security.access.prepost.PostFilter;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RestController;

import java.util.ArrayList;
import java.util.List;

/**
 * @author: chen fan
 * @since: 2022/11/22 11:55
 * @description:
 */
@RestController
public class DemoController {
    @GetMapping("/admin")
    @PreAuthorize("hasRole('ADMIN')")
    public String admin() {
        return "admin ok";
    }

    @PreAuthorize("hasRole('USER')")
    @GetMapping("/user")
    public String user() {
        return "user ok";
    }

    @GetMapping("/getInfo")
    public String getInfo() {
        return "info ok";
    }

    /**
        集合使用filterObject来获取
        单个对象使用returnObject来获取
     */
    @PreAuthorize("hasRole('ADMIN')")
    @PostFilter("filterObject.id%2!=0")
    @GetMapping("/getUsers")
    public List<User> getUsers(){
        List<User> users = new ArrayList<>();
        users.add(new User(1,"张三"));
        users.add(new User(2,"李四"));
        users.add(new User(3,"小明"));
        return users;
    }
}
